Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Tribe29

Checkmk

30 Versions 19 CVEs

Versions

2.1.0p10

OTHER 3 CVEs

2.1.0p27

OTHER 1 CVE

2.0.0p29

OTHER 2 CVEs

2.0.0p28

OTHER 2 CVEs

2.1.0p18

OTHER 1 CVE

1.6.0p29

OTHER 2 CVEs

2.1.0p25

OTHER 1 CVE

2.0.0p34

OTHER 2 CVEs

2.1.0p23

OTHER 1 CVE

1.6.0

SEMANTIC 11 CVEs

2.1.0p11

OTHER 2 CVEs

2.2.0b3

OTHER 1 CVE

2.0.0p35

OTHER 1 CVE

2.1.0p6

OTHER 1 CVE

2.0.0p31

OTHER 1 CVE

2.0.0p32

OTHER 2 CVEs

2.2.0b4

OTHER 1 CVE

2.1.0p17

OTHER 1 CVE

2.0.0p27

OTHER 3 CVEs

2.1.0p26

OTHER 1 CVE

2.2.0p4

OTHER 1 CVE

2.2.0b6

OTHER 1 CVE

2.1.0p19

OTHER 1 CVE

2.1.0p13

OTHER 2 CVEs

1.6.0p30

OTHER 8 CVEs

2.1.0

SEMANTIC 17 CVEs

2.2.0

SEMANTIC 5 CVEs

2.3.0

SEMANTIC 1 CVE

1.5.0

SEMANTIC 1 CVE

2.0.0

SEMANTIC 15 CVEs

Recent CVEs

CVE-2022-46302

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.

HIGH Apr 20, 2023

CVE-2022-48320

Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages.

MEDIUM Feb 20, 2023

CVE-2022-48319

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.

MEDIUM Feb 20, 2023

CVE-2022-48318

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.

MEDIUM Feb 20, 2023

CVE-2022-48317

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.

MEDIUM Feb 20, 2023

CVE-2022-47909

Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost.

MEDIUM Feb 20, 2023

CVE-2022-46836

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.

CRITICAL Feb 20, 2023

CVE-2022-46303

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.

HIGH Feb 20, 2023

CVE-2022-43440

Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable

HIGH Feb 09, 2023

CVE-2022-4884

Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.

LOW Jan 09, 2023